In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-03-04T15:50:06

Updated: 2024-08-03T03:28:42.597Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22946

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-04T16:15:10.377

Modified: 2024-11-21T06:47:39.557

Link: CVE-2022-22946

cve-icon Redhat

No data.